Fascinated by the realm of serverless architectures and their security misconfigurations? Azure Function Apps have revolutionized cloud computing, offering an innovative serverless solution for executing code on demand that can interact with multiple services. However, there is a spectrum of potential security misconfigurations and abuse primitives waiting to be exploited by threat actors.
The talk will delve into various approaches to gaining access to the Function App source code, which may leak sensitive information that in turn can help us gain access to other services. We will also look at deploying backdoors in the Function App in many different languages, such as .NET, Java, and Python. Beyond the languages, we will walk through how different forms of Function App deployment can create unique attack scenarios that lead to lateral movement or even complete control over the Function App code. Furthermore, we will look at some advanced Function App configurations that attackers can leverage to pivot from cloud to on-prem servers. In this talk, we will showcase a real-life demo from one of our Azure pentests that allowed us to perform escalation and lateral movement through Function Apps, ultimately granting us privileged access to AADConnect servers.
By uncovering these techniques and providing practical insights into exploitation and mitigation, this research offers valuable knowledge to the cybersecurity community and cloud pentesters. It helps organizations enhance their security posture in the context of Function Apps.
Chirag Savla is a cyber security professional with 9+ years of experience. His areas of interest include penetration testing, red teaming, Azure and Active Directory security, and post-exploitation research. He prefers to create open-source tools and explore new attack methodologies in his leisure time. He has worked extensively on Azure and Active Directory attacks, defense, and bypassing detection mechanisms. He is the author of multiple open-source tools such as Process Injection, Callidus, etc. He has presented at multiple conferences and local meetups and has trained people at international conferences such as Black Hat, BSides Milano, and Wild West Hackin’ Fest.